If you're not doing this with all your accounts, you're doing it wrong

If you're not using a password manager and two-step authentication, you're most likely doing things wrong.*

This 4-minute video may change your life. Or at least convince you that strong passwords and two-factor authentication are a must.

Oh, wait. You already use a password manager? You already have 2FA on all your accounts? Great. But chances are you know someone who doesn't. And you have got to share this video with them. We're to the point that these basic security measures are a must. (Don't believe me? Ask this guy.)

*Unless you're one of those people who has a crazy sort of brain that can do a one-time password sort of thing mentally. In which case remind me to buy you a beer and never ask how you do such a thing.

I am that guy.
I use this great tech called my brain and a system I use for all my passwords. They're all different,all unique, makes them easy to remember and hard to crack. I also use a fake account for crap I don't care about if someone hacks and never use Facebook or it's companies.

Oh and I ran as fast as I could from yahoo last year never to look back.

Same here! Don't understand why people even bother with PW managers.. What happens if THEY get hacked? My passwords are long as hell and contain all of the different character variations needed. Every one unique to a service, and I also don't use Facebook, twitter, most popular social networks. (I have accounts, just don't use them). I'm more of a text, call, and hangout kinds guy...

I started using lastpass 11 months and 1 day ago (I know because the app told me today that my premium subscription runs out in 29 days) and am a happy convert to stronger security. It takes some getting used to, especially the idea of always making sure my phone is handy for the 2 factor part, but I'm glad I stu k with it. I hear acquaintances talk about being hacked all the time and I can just smile knowing that the likelihood that will happen to me is tremendously smaller now. I can smile because I tried to convince them and the laughed at me.

In that case just rely on your phone to look up the password and then enter it into the friend's or public computer. Although realize that entering your password on someone else's computer is risky because you can't trust that it is in good condition and that maybe it has a keylogger waiting for passwords to be typed.

i have been using Awallet cloud android app a one off payment and it generates strong passwords and stores all my passwords in app and backup to Google drive, or any other cloud service, using that app for keeping passwords handy when i am out and about and google password backup does me and i wouldn't use sms authentication, as i have read sms isn't 100% safe, unless it is only option available Authy app is the best as it has multiple devices option, backup for offline also Authy has a chrome OS app and a chrome extension

I have specific passwords for financial and social media sites, and yes i have them written down in a safe space at home. I use fingerprint at all times possible. I will never place all my passwords in one basket.

I am a throwback to the old Palm days. I still use SplashID as my password manager because well, I have always used SplashID. I have both the Android and PC versions. With cloud syncing I don't have to connect directly to the PC to sync. Makes it easy when I get a new phone. Just install and open the app, enter my email address and pin, and have it sync. I also bought the lifetime subscription a few years ago so I don't have to pay the annual fee. The only time I need to pay is when a complete new rev of the PC version comes out.

The emphasis on encryption and 2FA is great, but can you also mention or at least disclose that most of these password managers that share data between users actually store the password data on their servers. To me that is a big omission. Great, we take all these precautions on our end, but the host security is just as important. Not seeing anything about this here or in the password software article.

Good video Phil. Another good tip for any newbee is when creating a new login account that requires a birthday. My rule of thumb is that the government and financial institutions get the real date. Other accounts get fictitious dates. Where would someone want to store the site specific birthdays? Why in a password manager of course.